15dea60c92273dbf4795209b2a3a5962

Sharing

Copy URL

Twitter E-mail

General

Target

15dea60c92273dbf4795209b2a3a5962
Size

360KB
MD5

15dea60c92273dbf4795209b2a3a5962
SHA1

6959028f208f773c54b6ef4cadb050ade6de8935
SHA256

20d7f0a2f7399259c8908e9fd345082146bd1b6684039cc204dae7c7b85294eb
SHA512

e0ae5b00906da51adf60bfb314df921db8b40f508bf7a0be9b61b4f5365320abe1166bb464fb2c237cb92fba08494e40d3e5f19929ac8637a4a59dc301606523
SSDEEP

6144:mwLfBPgL0YAN+d/HAVxTW8psaHY7FF8gUx+Nct8jN0BZncNf4yGeIebB0Dsibrj+:moBIIYs+dfAXrpsaH6Fdy8j824950CsN

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/AHLAMO~1.EXE
unpack001/HOTSHE~1.EXE

Files

15dea60c92273dbf4795209b2a3a5962
.cab
AHLAMO~1.EXE
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 288KB - Virtual size: 288KB

IMAGE_SCN_MEM_READ
HOTSHE~1.EXE
.exe windows:4 windows x86 arch:x86

634c892859b32ec0da4a9748dab7c903

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

waveOutWrite
waveOutPause
waveOutReset
waveOutOpen
waveOutUnprepareHeader
waveOutClose
waveOutPrepareHeader

msacm32

acmStreamOpen
acmStreamPrepareHeader
acmStreamConvert

mfc42

ord4998
ord2514
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4425
ord3597
ord324
ord641
ord4234
ord4376
ord2379
ord2754
ord6197
ord6380
ord2864
ord4710
ord6157
ord4317
ord2380
ord4673
ord5265
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord4424
ord3738
ord561
ord815
ord3626
ord3663
ord2414
ord1134
ord3619
ord1146
ord1168
ord2086
ord2256
ord755
ord470
ord800
ord1576
ord2515
ord355
ord2567
ord2859
ord4133
ord4297
ord537
ord5875
ord1641
ord2753
ord3920
ord6215
ord4224
ord4299
ord3584
ord543
ord803
ord6307
ord4167
ord521
ord823
ord1948
ord5303
ord4699
ord5715
ord565
ord817
ord2726
ord4226
ord1175
ord2860
ord825
ord4274
ord3499

msvcrt

fopen
fwrite
malloc
free
_except_handler3
?terminate@@YAXXZ
__dllonexit
_onexit
_exit
_XcptFilter
exit
fseek
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_ftol
rand
__CxxFrameHandler
ftell
fread
fclose
_acmdln
sprintf
_setmbcp
_stricmp

kernel32

Sleep
GetStartupInfoA
GetModuleHandleA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameA
GetTickCount

user32

GetClientRect
GetDesktopWindow
EnableWindow
LoadIconA
SendMessageA
DrawIcon
GetSystemMetrics
IsIconic
RedrawWindow
PostThreadMessageA
ReleaseDC
GetDC
DrawIconEx
GetIconInfo
OffsetRect
ReleaseCapture
SetCapture
PtInRect
ClientToScreen
GetWindowRect
SetCursor
ScreenToClient
GetCursorPos
LoadCursorA
CopyRect
PostMessageA
IsWindowVisible

gdi32

GetBitmapBits
CreateFontA
GetTextExtentPoint32A
StretchDIBits

Exports

Exports

??0CTPImage@@QAE@ABV0@@Z
??0CTPImage@@QAE@XZ
??1CTPImage@@UAE@XZ
??4CPixel@@QAEAAU0@ABU0@@Z
??4CTPImage@@QAEAAV0@ABV0@@Z
??8CPixel@@QAEHU0@@Z
??9CPixel@@QAEHU0@@Z
??GCPixel@@QAEHU0@@Z
??YCPixel@@QAEXH@Z
??ZCPixel@@QAEXH@Z
??_7CTPImage@@6B@
?BuildGrayChannel@CTPImage@@QAEKXZ
?ChannelFrom@CTPImage@@QAEHPAVCTPChannel@@H@Z
?ComputeLaplasToAlpha@CTPImage@@QAEXXZ
?Create@CTPImage@@QAEJII@Z
?CreateNewInstance@CTPImage@@SAPAV1@XZ
?DuplicateFrom@CTPImage@@QAEHPAV1@@Z
?Free@CTPImage@@QAEXXZ
?GetAreaByteSize@CTPImage@@QAEIXZ
?GetAveragePixel@CTPImage@@QAE?AUCPixel@@XZ
?GetBuffer@CTPImage@@QAEPAUCPixel@@HH@Z
?GetGray2@CPixel@@QAEEXZ
?GetGray@CPixel@@QAEEXZ
?GetPixel2@CTPImage@@QAE?AUCPixel@@HH@Z
?GetPixel@CTPImage@@QAEKHH@Z
?GetSafePixel@CTPImage@@QAE?AUCPixel@@HH@Z
?GetSize@CTPImage@@QAEXAAI0@Z
?LoadFromFile@CTPImage@@QAEJPAD@Z
?PutPixel@CTPImage@@QAEXHHUCPixel@@@Z
?SaveToFile@CTPImage@@QAEJPAD@Z

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

.text Size: 9KB - Virtual size: 9KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1024B - Virtual size: 10KB

.rsrc Size: 288KB - Virtual size: 288KB

634c892859b32ec0da4a9748dab7c903

Headers

File Characteristics

Imports

winmm

msacm32

mfc42

msvcrt

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 68KB - Virtual size: 67KB

.rdata Size: 24KB - Virtual size: 22KB

.data Size: 4KB - Virtual size: 59KB

.rsrc Size: 20KB - Virtual size: 17KB

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1024B - Virtual size: 10KB

.rsrc
Size: 288KB - Virtual size: 288KB

.text
Size: 68KB - Virtual size: 67KB

.rdata
Size: 24KB - Virtual size: 22KB

.data
Size: 4KB - Virtual size: 59KB

.rsrc
Size: 20KB - Virtual size: 17KB